techwise group logo
illustration of person standing with a laptop using microsoft secure score

Security Tips and Features: Secure Score-Tech Tip for July 16, 2024

In this week’s Tech Tip, we discuss Microsoft Secure Score, a tool that can help your organization gain visibility to measure and improve your security posture across your Microsoft 365 products. Microsoft Secure Score guides and recommends the ways in which you can increase your security posture, breaking down immediate incremental steps to implement best practices for your Microsoft environment over time. Let’s explore the benefits of using this robust security tool!

Access Secure Score

Microsoft Secure Score access requires an Administrator role, and a Microsoft 365 subscription. The tool is available from the Microsoft Security portal (security.microsoft.com) by selecting ‘Secure Score’ from the menu (at left). Your Administrator role should allow you to view the Secure Score dashboard, and Microsoft Security recommendations. If you do not have an Administrator role, and have a Security Reader role instead, you can still work with the tool, which will allow you to see recommendations, but not to make any changes.

TIP: Ask your Administrator to share the Secure Score reports with you via email or Power-Bi. Reach out to TechWise Group to discuss security measures that you can take for your organization.

TIP: Monitor and use Secure Score responsibly. Be mindful that certain controls included within this security tool can be more complex to deploy and can have a high impact within your organization. Reach out to TechWise Group or your IT to discuss an implementation plan.

Products Included in Secure Score Recommendations:

  • Microsoft 365 (including Exchange Online)
  • Microsoft Entra ID (formerly Azure Active Directory/Azure AD)
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Teams

Secure Score organizes recommended actions around the following groups:

  • Identity (Microsoft Entra ID accounts/roles).
  • Devices (Microsoft Defender for Endpoint, known as Microsoft Secure Score for Devices).
  • Apps (email and cloud apps, includes Office 365 and Microsoft Defender for Cloud Apps).
  • Data (through Microsoft Purview Information Protection).

screenshot of microsoft secure score, showing a secure score of 57% along with recommendations for security improvements

How Secure Score Works

Microsoft Secure Score determines which Microsoft 365 services an organization is using. Controls can be filtered by Microsoft licenses you already have, so applicable changes will be shown without needing to upgrade license tiers. Secure Score looks at configurations and behaviors and compares these to a Microsoft-configured baseline. It works on a point-based system for every recommended action or partial action that you take. 

  • Receive prioritized recommended actions your organization can take to improve its score.
  • The more improvements or actions that you take, the higher the score.
  • Secure Score reports on historical trends and the current state of your security posture.
  • It provides visibility, discoverability, guidance, and control into your environment.
  • The dashboard analytics can show comparisons and performance indicators (KPIs). 

First Steps with Secure Score

Secure Score makes these steps straightforward, but you should work with your external and internal IT teams to come up with a Secure Score plan, prior to any changes or implementation. By taking responsible steps to plan and enable Security defaults for Entra ID in your environment (from Microsoft baseline recommendations), you will be awarded full points:

  • Ensure all users complete multifactor authentication for secure access (9 points).
  • Require MFA for administrative roles (10 points).
  • Enable policy to block legacy authentication (7 points).

TIP: Security defaults have similar security features as the suggested actions for “sign-in risk policy” and “user risk policy”. Instead of adding these policies to the security defaults, Microsoft suggests marking their statuses as “Resolved through alternative mitigation.”

Design Your Secure Score Plan

Every organization will have different priorities, goals, timelines, and success criteria. Planning and implementing changes for your organization should involve key stakeholders such as your Chief Information Security Officer (CISO), IT security manager, administrators who manage your on-premises Active Directory, Exchange, Microsoft Entra ID, networking (external IT), and so on. 

Things to consider when discussing your Secure Score Plan:

  • The potential for risk.
  • The difficulty of implementing proposed solutions.
  • The time frames for implementation.
  • The effect on rating based on each Microsoft 365 Secure Score recommended action.

Now is the perfect time to work together with your organization’s external IT to come up with a plan! Be sure to follow along with us in our Tech Tip series for more technology tips.

Reach Out to TechWise Group

Interested in learning more about Microsoft Secure Score and next steps for your business? Reach out to TechWise Group. We’ll help you make the most of your Microsoft tools.

Important Microsoft Announcements:

  • Maximize your organization’s Security with Secure Score and MFA:
    • Get to know your Secure Score—your essential tool for proactive threat management.
    • Enabling Multi-Factor Authentication (MFA) is the best way to prevent cyberthreats.
  • Give your business a productivity boost with Microsoft Copilot:
    • Take advantage of a 15% discount on Copilot licensing now through Dec 31, 2024 (terms and conditions apply).
    • Get started with Copilot consulting services to organize and secure your data, while also training you and your team.
  • Keep your infrastructure up to date:
    • SQL Server 2014 reaches End of Support (EOS) on July 9, 2024.
    • Windows 10 reaches End of Support (EOS) on October 14, 2025.
    • Windows 11 feature update 23H2 is now available (September 2024).
    • Windows 11 version 22H2 Home and Pro editions will reach end of service (October 8, 2024) and will be required to upgrade to version 23H2 to continue receiving security updates.
    • Windows 11 Enterprise and Education editions with 22H2 will continue to be supported after October 8, 2024.
  • Contact TechWise Group to get started or to put a plan in place.